CVE-2024-40703 – IBM Cognos Analytics information disclosure
https://notcve.org/view.php?id=CVE-2024-40703
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. An attacker could use this information to launch further attacks against affected applications. • https://www.ibm.com/support/pages/node/7160700 https://www.ibm.com/support/pages/node/7168038 • CWE-522: Insufficiently Protected Credentials •
CVE-2023-32344 – IBM Cognos Analytics cross-site request forgery
https://notcve.org/view.php?id=CVE-2023-32344
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to form action hijacking where it is possible to modify the form action to reference an arbitrary path. IBM X-Force ID: 255898. • https://exchange.xforce.ibmcloud.com/vulnerabilities/255898 https://security.netapp.com/advisory/ntap-20240405-0002 https://security.netapp.com/advisory/ntap-20240621-0006 https://www.ibm.com/support/pages/node/7123154 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-38359 – IBM Cognos Analytics cross-site scripting
https://notcve.org/view.php?id=CVE-2023-38359
IBM Cognos Analytics 11.1.7, 11.2.4, and 12.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260744. • https://exchange.xforce.ibmcloud.com/vulnerabilities/260744 https://security.netapp.com/advisory/ntap-20240405-0003 https://security.netapp.com/advisory/ntap-20240621-0006 https://www.ibm.com/support/pages/node/7123154 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-35011 – IBM Cognos Analytics server-side request forgery
https://notcve.org/view.php?id=CVE-2023-35011
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 257705. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257705 https://security.netapp.com/advisory/ntap-20230921-0005 https://security.netapp.com/advisory/ntap-20240621-0005 https://www.ibm.com/support/pages/node/7026692 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2023-35009 – IBM Cognos Analytics information disclosure
https://notcve.org/view.php?id=CVE-2023-35009
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication which could be used in reconnaissance to gather information that could be used for future attacks. IBM X-Force ID: 257703. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257703 https://security.netapp.com/advisory/ntap-20230831-0014 https://security.netapp.com/advisory/ntap-20240621-0005 https://www.ibm.com/support/pages/node/7026692 • CWE-209: Generation of Error Message Containing Sensitive Information •